From 7064fb58dec8fdeb88de6e9cb04149cfcb1f55fc Mon Sep 17 00:00:00 2001 From: Isa Farnik Date: Wed, 5 Jun 2024 15:22:15 -0700 Subject: [PATCH] feat: Ubuntu 24.04 (Noble Numbat) --- .github/matrix-commitly.yml | 11 +- .github/matrix-full.yml | 26 ++- .github/workflows/release.yml | 13 +- build/README.md | 4 +- build/cross_deps/libxcrypt/repositories.bzl | 7 +- .../unreleased/kong/add-noble-numbat.yml | 2 + scripts/explain_manifest/config.py | 26 +++ .../fixtures/ubuntu-24.04-amd64.txt | 195 ++++++++++++++++++ .../fixtures/ubuntu-24.04-arm64.txt | 193 +++++++++++++++++ scripts/explain_manifest/suites.py | 5 +- scripts/release-kong.sh | 3 + 11 files changed, 465 insertions(+), 20 deletions(-) create mode 100644 changelog/unreleased/kong/add-noble-numbat.yml create mode 100644 scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt create mode 100644 scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt diff --git a/.github/matrix-commitly.yml b/.github/matrix-commitly.yml index 7685340597c3..0c5d9cf4d3a2 100644 --- a/.github/matrix-commitly.yml +++ b/.github/matrix-commitly.yml @@ -1,15 +1,16 @@ # please see matrix-full.yml for meaning of each field build-packages: -- label: ubuntu-22.04 - os: ubuntu-22.04 +- label: ubuntu-24.04 + os: ubuntu-24.04 package: deb - check-manifest-suite: ubuntu-22.04-amd64 + check-manifest-suite: ubuntu-24.04-amd64 build-images: - label: ubuntu - base-image: ubuntu:22.04 + base-image: ubuntu:24.04 package: deb - artifact-from: ubuntu-22.04 + artifact-from: ubuntu-24.04 + check-manifest-suite: docker-image-ubuntu-24.04 smoke-tests: - label: ubuntu diff --git a/.github/matrix-full.yml b/.github/matrix-full.yml index b011607f4c89..42b5dd59a531 100644 --- a/.github/matrix-full.yml +++ b/.github/matrix-full.yml @@ -18,6 +18,13 @@ build-packages: package: deb bazel-args: --platforms=//:generic-crossbuild-aarch64 check-manifest-suite: ubuntu-22.04-arm64 +- label: ubuntu-24.04 + package: deb + check-manifest-suite: ubuntu-24.04-amd64 +- label: ubuntu-24.04-arm64 + package: deb + bazel-args: --platforms=//:generic-crossbuild-aarch64 + check-manifest-suite: ubuntu-24.04-arm64 # Debian - label: debian-10 @@ -85,11 +92,12 @@ build-images: # Ubuntu - label: ubuntu - base-image: ubuntu:22.04 + base-image: ubuntu:24.04 package: deb - artifact-from: ubuntu-22.04 - artifact-from-alt: ubuntu-22.04-arm64 + artifact-from: ubuntu-24.04 + artifact-from-alt: ubuntu-24.04-arm64 docker-platforms: linux/amd64, linux/arm64 + check-manifest-suite: docker-image-ubuntu-24.04 # Debian - label: debian @@ -136,6 +144,18 @@ release-packages: artifact-version: 22.04 artifact-type: ubuntu artifact: kong.arm64.deb +- label: ubuntu-24.04 + package: deb + artifact-from: ubuntu-24.04 + artifact-version: 24.04 + artifact-type: ubuntu + artifact: kong.amd64.deb +- label: ubuntu-24.04-arm64 + package: deb + artifact-from: ubuntu-24.04-arm64 + artifact-version: 24.04 + artifact-type: ubuntu + artifact: kong.arm64.deb # Debian - label: debian-10 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ccfc66b436b8..580362e4e49e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -436,15 +436,22 @@ jobs: - name: Verify run: | cd scripts/explain_manifest + + SUITE='docker-image' + if [ -n '${{ matrix.check-manifest-suite }}' ]; then + SUITE='${{ matrix.check-manifest-suite }}' + fi + # docker image verify requires sudo to set correct permissions, so we # also install deps for root - sudo -E pip install -r requirements.txt + sudo -H -E pip install -r requirements.txt + IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} - sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image + sudo -H -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s "$SUITE" if [[ ! -z "${{ matrix.docker-platforms }}" ]]; then - DOCKER_DEFAULT_PLATFORM=linux/arm64 sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image + DOCKER_DEFAULT_PLATFORM=linux/arm64 sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s "$SUITE" fi scan-images: diff --git a/build/README.md b/build/README.md index ea480c7a8e0e..7ab166a398b0 100644 --- a/build/README.md +++ b/build/README.md @@ -98,7 +98,7 @@ Each targets under `//build:install` installs an independent component that composes the Kong runtime environment. We can query `deps(//build:install, 1)` recursively to find the target that only build and install specific component. This would be useful if one is debugging the issue of a specific target without -the need to build whole Kong runtime environment. +the need to build whole Kong runtime environment. We can use the target labels to build the dependency directly, for example: @@ -222,7 +222,7 @@ time to control how the ngx_wasm_module repository is sourced: ## Cross compiling -Cross compiling is currently only tested on Ubuntu 22.04 x86_64 with following targeting platforms: +Cross compiling is currently only tested on Ubuntu 22.04/24.04 x86_64 with following targeting platforms: - **//:generic-crossbuild-aarch64** Use the system installed aarch64 toolchain. - Requires user to manually install `crossbuild-essential-arm64` on Debian/Ubuntu. diff --git a/build/cross_deps/libxcrypt/repositories.bzl b/build/cross_deps/libxcrypt/repositories.bzl index f6c28d022445..d81d00e01dc4 100644 --- a/build/cross_deps/libxcrypt/repositories.bzl +++ b/build/cross_deps/libxcrypt/repositories.bzl @@ -9,10 +9,11 @@ def libxcrypt_repositories(): # thus crypt.h and libcrypt.so.1 are missing from cross tool chain # ubuntu2004: 4.4.10 # ubuntu2204: 4.4.27 + # ubuntu2204: 4.4.36 http_archive( name = "cross_deps_libxcrypt", - url = "https://github.com/besser82/libxcrypt/releases/download/v4.4.27/libxcrypt-4.4.27.tar.xz", - sha256 = "500898e80dc0d027ddaadb5637fa2bf1baffb9ccd73cd3ab51d92ef5b8a1f420", - strip_prefix = "libxcrypt-4.4.27", + url = "https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz", + sha256 = "e5e1f4caee0a01de2aee26e3138807d6d3ca2b8e67287966d1fefd65e1fd8943", + strip_prefix = "libxcrypt-4.4.36", build_file = "//build/cross_deps/libxcrypt:BUILD.libxcrypt.bazel", ) diff --git a/changelog/unreleased/kong/add-noble-numbat.yml b/changelog/unreleased/kong/add-noble-numbat.yml new file mode 100644 index 000000000000..b841eeafde3d --- /dev/null +++ b/changelog/unreleased/kong/add-noble-numbat.yml @@ -0,0 +1,2 @@ +message: "Add Ubuntu 24.04 (Noble Numbat) to build" +type: dependency diff --git a/scripts/explain_manifest/config.py b/scripts/explain_manifest/config.py index 131f61dad278..df279d2bd0b3 100644 --- a/scripts/explain_manifest/config.py +++ b/scripts/explain_manifest/config.py @@ -150,6 +150,19 @@ def transform(f: FileInfo): }, } ), + "ubuntu-24.04-amd64": ExpectSuite( + name="Ubuntu 24.04 (amd64)", + manifest="fixtures/ubuntu-24.04-amd64.txt", + tests={ + common_suites: {}, + libc_libcpp_suites: { + "libc_max_version": "2.39", + # gcc 13.2.0 + "libcxx_max_version": "3.4.32", + "cxxabi_max_version": "1.3.14", + }, + }, + ), "debian-10-amd64": ExpectSuite( name="Debian 10 (amd64)", manifest="fixtures/debian-10-amd64.txt", @@ -196,6 +209,16 @@ def transform(f: FileInfo): docker_suites: {}, } ), + "docker-image-ubuntu-24.04": ExpectSuite( + name="Ubuntu 24.04 Docker Image", + manifest=None, + tests={ + docker_suites: { + "kong_uid": 1001, + "kong_gid": 1001, + }, + } + ), } # populate arm64 and fips suites from amd64 suites @@ -212,5 +235,8 @@ def transform(f: FileInfo): if target == "amazonlinux-2023-amd64": e.use_rpath = True + if "ubuntu-24.04" in target: + e.kong_user_group_id = 1001 + # ubuntu-22.04-arm64 targets[target.replace("-amd64", "-arm64")] = e diff --git a/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt new file mode 100644 index 000000000000..bee32048e1f7 --- /dev/null +++ b/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt @@ -0,0 +1,195 @@ +- Path : /etc/kong/kong.logrotate + +- Path : /lib/systemd/system/kong.service + +- Path : /usr/local/kong/gui + Type : directory + +- Path : /usr/local/kong/include/google + Type : directory + +- Path : /usr/local/kong/include/kong + Type : directory + +- Path : /usr/local/kong/lib/engines-3/afalg.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/capi.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/loader_attic.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/padlock.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libcrypto.so.3 + Needed : + - libstdc++.so.6 + - libm.so.6 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libexpat.so.1.9.2 + Needed : + - libc.so.6 + +- Path : /usr/local/kong/lib/libsnappy.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + +- Path : /usr/local/kong/lib/libssl.so.3 + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/ossl-modules/legacy.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lfs.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lpeg.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lsyslog.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_pack.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_system_constants.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lxp.so + Needed : + - libexpat.so.1 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/mime/core.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/pb.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/core.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/serial.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/unix.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/ssl.so + Needed : + - libssl.so.3 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/yaml.so + Needed : + - libyaml-0.so.2 + - libc.so.6 + +- Path : /usr/local/openresty/lualib/cjson.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/lualib/librestysignal.so + +- Path : /usr/local/openresty/lualib/rds/parser.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/lualib/redis/parser.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/nginx/modules/ngx_wasmx_module.so + Needed : + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-x86-64.so.2 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + +- Path : /usr/local/openresty/nginx/sbin/nginx + Needed : + - libcrypt.so.1 + - libluajit-5.1.so.2 + - libm.so.6 + - libssl.so.3 + - libcrypto.so.3 + - libz.so.1 + - libc.so.6 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + Modules : + - lua-kong-nginx-module + - lua-kong-nginx-module/stream + - lua-resty-events + - lua-resty-lmdb + - ngx_brotli + - ngx_wasmx_module + OpenSSL : OpenSSL 3.2.1 30 Jan 2024 + DWARF : True + DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libm.so.6 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt b/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt new file mode 100644 index 000000000000..916b90bf1d39 --- /dev/null +++ b/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt @@ -0,0 +1,193 @@ +- Path : /etc/kong/kong.logrotate + +- Path : /lib/systemd/system/kong.service + +- Path : /usr/local/kong/gui + Type : directory + +- Path : /usr/local/kong/include/google + Type : directory + +- Path : /usr/local/kong/include/kong + Type : directory + +- Path : /usr/local/kong/lib/engines-3/afalg.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/capi.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/loader_attic.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/padlock.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libcrypto.so.3 + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libexpat.so.1.9.2 + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/kong/lib/libsnappy.so + Needed : + - libstdc++.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/kong/lib/libssl.so.3 + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/ossl-modules/legacy.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lfs.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lpeg.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lsyslog.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_pack.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_system_constants.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lxp.so + Needed : + - libexpat.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/mime/core.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/pb.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/core.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/serial.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/unix.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/ssl.so + Needed : + - libssl.so.3 + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/yaml.so + Needed : + - libyaml-0.so.2 + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/cjson.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/librestysignal.so + +- Path : /usr/local/openresty/lualib/rds/parser.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/redis/parser.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/nginx/modules/ngx_wasmx_module.so + Needed : + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + +- Path : /usr/local/openresty/nginx/sbin/nginx + Needed : + - libcrypt.so.1 + - libluajit-5.1.so.2 + - libm.so.6 + - libssl.so.3 + - libcrypto.so.3 + - libz.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + Modules : + - lua-kong-nginx-module + - lua-kong-nginx-module/stream + - lua-resty-events + - lua-resty-lmdb + - ngx_brotli + - ngx_wasmx_module + OpenSSL : OpenSSL 3.2.1 30 Jan 2024 + DWARF : True + DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py index 85238d565175..0992183c5f48 100644 --- a/scripts/explain_manifest/suites.py +++ b/scripts/explain_manifest/suites.py @@ -127,10 +127,7 @@ def arm64_suites(expect): expect("/usr/local/openresty/nginx/sbin/nginx", "Nginx is arm64 arch") \ .arch.equals("AARCH64") -def docker_suites(expect): - kong_uid = 1000 - kong_gid = 1000 - +def docker_suites(expect, kong_uid: int = 1000, kong_gid: int = 1000): expect("/etc/passwd", "kong user exists") \ .text_content.matches("kong:x:%d" % kong_uid) diff --git a/scripts/release-kong.sh b/scripts/release-kong.sh index aea7858a18c9..c8efdb6615e5 100755 --- a/scripts/release-kong.sh +++ b/scripts/release-kong.sh @@ -100,6 +100,9 @@ function push_package () { if [ "$ARTIFACT_VERSION" == "22.04" ]; then dist_version="--dist-version jammy" fi + if [ "$ARTIFACT_VERSION" == "24.04" ]; then + dist_version="--dist-version noble" + fi # test for sanitized github actions input if [[ -n "$(echo "$PACKAGE_TAGS" | tr -d 'a-zA-Z0-9._,')" ]]; then